Why Automated Security Threats are Proliferating and How to Fight Back

We’ve written before about the importance of looking inward, rather than out, when it comes to evaluating what types of cyberattacks are the biggest threat to your unique organization. A large part of the attack landscape today includes automated threats. Rarely do we come across handcrafted attacks targeting specific organizations. A far cry from bespoke and laser-targeted, the vast majority of today’s cyberattacks are built for volume and trolling for the weakest point of entry.

So, what exactly are automated security threats and how can you best protect your organization from them?

Understand the Attacker Perspective

In most cases, attackers are looking for a good return on investment. It’s probably not worth it for them to sit in a room trying to breach a specific organization for weeks, unless you are talking about a nation-state or another organization with very specific goals. Much more common is the cybercriminal who just wants to make a quick, easy buck.

In fact, quite a few cybercriminals have realized that there’s more money to be made in building botnets that they can rent out to other people than in executing the cyberattacks themselves. Once you begin to look under the hood, it’s actually kind of amazing just how commoditized the cyberthreat landscape has become.

Specifically, when it comes to automated threats, you may want to spend some time familiarizing yourself with how these types of attacks work, how they breach systems, and how they persist. This can help your organization optimize security configuration and minimize risk.

The mechanics of automated attacks are important to understand when it comes to strategically building your defenses. Yes, if you work for a major defense company or a government agency, you may need to plan ahead for the possibility of a direct, targeted attack. But odds are you’re better off focusing on the low-hanging fruit like automated attacks.

Make Yourself an Unappealing Target

Automated security threats include things like botnets and exploit kits. In many cases, what these programs are doing is looking for common weaknesses. They go after known vulnerabilities that many organizations have not gotten around to patching, because it’s much easier than developing exploits for zero-day vulnerabilities.

Because these are not cutting-edge vulnerabilities, it’s another case of our favorite analogy: You don’t have to run faster than the bear. You just have to run faster than the other guy.

We’ve written in some depth about what it takes to make yourself an unappealing target. It’s not about perfect security (impossible), but about good security (achievable). In our view there are a few key steps:

Understand how hackers think (as we mentioned above) — in this case, understand why they use automated tactics and how they work.

Ignore the headlines and remain focused on real threats to your business.

Prioritize and address vulnerabilities.

As far as the third bullet is concerned, it helps to adopt a mindset of continuous security improvement. There’s always more to be done, so if you can prioritize the steps you need to take and methodically work to check them off the list, you’ll be in a very good position relative to other organizations. The list will never end, but you’ll always stay on top of security issues.

Beat Them at Their Own Game

One of the reasons automated attacks work so well is that they’re hands-off. There’s little room for human error, and they require minimal upkeep and maintenance. This is one area where the bad guys definitely have the right idea. The more you can automate your security posture, the less likely you are to be breached.

As we pointed out in an earlier post, there are specific areas where nearly every company can benefit from automating security tasks. Briefly, these include:

Alert Severity Levels: To help make sure you get the right alerts at the right times

User Provisioning and Deprovisioning: To ensure that users have the appropriate level of permissions and minimize insider threats

Troubleshooting and Enumeration Tools: To monitor the installation and use of all security tools in production environments (which could potentially be weaponized against you)

Of course, there are lots of other areas where automation can have a big impact on your security posture (incident response and investigations spring to mind), but these five areas are a really good place to start, especially when it comes to defending against automated attacks.

Better Safe Than Sorry

At Threat Stack, we spend a significant amount of time monitoring trends in the threat landscape as they evolve, and we are often speaking directly with our customers about what they’re seeing out in the wild. Threats evolve quickly, so it’s important to maintain a baseline understanding of what types of attacks cybercriminals are leveling today. Automated ones are a big deal right now.

So, rather than obsessing over the latest breach headlines or trying to prepare for every worst-case scenario, it’s a good idea to get strategic and build your defenses against common automated attacks. This means understanding how attackers work, patching up vulnerabilities to make yourself an unappealing target, and using automation against the bad guys. If you put these three tactics to work, you’ll be well on your way to a stronger security posture, no matter how the threat landscape evolves.

15 years of experience as a security engineer at Trusteer (IBM Security), Core Security Technologies, and Threat Stack, has made Anthony a valuable member of Threat Stack's growing Oversight team. Anthony helps our customers deploy, configure, fine-tune, and manage their continuous security monitoring so they can run secure and compliant, without sacrificing time and resources.